I disagree, Yii should keep using forms the way they are now. If you choose to make a form public then you are responsible to address the problem with custom bots. Besides your solution might work for a few bots, not all of them.

@samdark:
I'm not really for obfuscating. But in some scenarios i find it better to have form field names like "query" instead of "SearchForm[query]". Consider such a search form which you want to submit via GET. So you want your search results to be shown under a nicer URL like: ...?query=myQueryString. As a workaround i now render custom form fields. But then i can't use the gimmicks of CActiveForm.

I'm not asking for changing the default which is fine for most cases. I just want more freedom for the experienced developer who knows what he is doing.

So the question is: Will there be a way in 2.0 to modify the way, Yii generates form input names?

I wonder if it's not better to let the models generate their form names then. I think, such a change would make form handling more flexible and still can easily provide backwards compatibility. What do you think?

This way the OP could also create obfuscated form inputs if he wants to. This is really an advanced feature, though. The developer must understand the consequences (e.g. problems if he submits several models from 1 form).

We already do so with form labels. In some way you can even say that a form input name is just another property of a model. So i would not consider this a big break in MVC, rather a pragmatic decision. At least i can not think of a better way to make this more flexible.

Still i disagree with the final conclusion. In my opinion we should not worship MVC as the golden calf if there's good reason to lessen the strict paradigm slightly. I'd say that this is such a case: the framework forces me to do things the Yii way. If i don't (=use my custom form inputs) i can't use many features anymore (e.g. clientside and AJAX based validation). If this can be solved with a minor break in MVC i can't see, why we should not. This is just an unneccesary restriction.

Thanks, i didn't think of that. But unfortunately it does not work: If i set the 'name' attribute, it also sets this as the 'id' of the input element. This breaks the clientside configuration of CActiveForm. For example if i have a model User with field email, the input is <input id="email" name="email" but the inline js configures it like {'id':'User_email'.